Weekly Vulnerabilities Reports > November 15 to 21, 2010
Overview
59 new vulnerabilities were reported during this period, including 6 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 47 products from 25 vendors including Apple, Camtron, Tecvoz, Redhat, and Google. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "SQL Injection", "Resource Management Errors", and "Permissions, Privileges, and Access Controls".
- 55 reported vulnerabilities are remotely exploitable.
- 11 reported vulnerabilities have a public exploit available.
- 13 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 51 reported vulnerabilities are exploitable by an anonymous user.
- Apple has the most reported vulnerabilities, with 38 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
6 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-17 | CVE-2010-4233 | Camtron Tecvoz | Credentials Management vulnerability in multiple products The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface. | 10.0 |
2010-11-17 | CVE-2010-4232 | Camtron Tecvoz | Improper Authentication vulnerability in multiple products The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI. | 10.0 |
2010-11-15 | CVE-2010-1378 | Apple | Improper Certificate Validation vulnerability in Apple mac OS X and mac OS X Server OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. | 9.8 |
2010-11-17 | CVE-2010-4230 | Camtron Tecvoz | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method. | 9.3 |
2010-11-15 | CVE-2010-1842 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation. | 9.3 |
2010-11-15 | CVE-2010-1841 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image. | 9.3 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-15 | CVE-2010-2892 | Landesk | Improper Input Validation vulnerability in Landesk Management Gateway gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack. | 8.5 |
2010-11-17 | CVE-2010-4107 | HP | Path Traversal vulnerability in HP products The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack. | 7.8 |
2010-11-17 | CVE-2010-4234 | Camtron Tecvoz | Resource Management Errors vulnerability in multiple products The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval. | 7.8 |
2010-11-17 | CVE-2010-4231 | Camtron Tecvoz | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a .. | 7.8 |
2010-11-16 | CVE-2010-1843 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet. | 7.8 |
2010-11-17 | CVE-2010-4168 | Openttd Fedoraproject | Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp. | 7.5 |
2010-11-17 | CVE-2010-4273 | Accimoveis | SQL Injection vulnerability in Accimoveis Descargarvista ACC Imoveis 1.1 SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-11-17 | CVE-2010-4272 | Pulseinfotech Joomla | SQL Injection vulnerability in Pulseinfotech COM Sponsorwall 1.1 SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
2010-11-17 | CVE-2010-4271 | Impresscms | SQL Injection vulnerability in Impresscms SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-11-17 | CVE-2010-4269 | O DYN | SQL Injection vulnerability in O-Dyn Collabtive 0.6.5 SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action. | 7.5 |
2010-11-17 | CVE-2010-4268 | Pulseinfotech Joomla | SQL Injection vulnerability in Pulseinfotech COM Flipwall 1.1 SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
2010-11-15 | CVE-2010-1840 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 7.5 |
2010-11-16 | CVE-2010-1844 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image. | 7.1 |
39 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-17 | CVE-2010-4159 | Mono | Local Privilege Escalation vulnerability in Mono 'loader.c' Library Loading Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory. | 6.9 |
2010-11-16 | CVE-2010-4010 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. | 6.8 |
2010-11-16 | CVE-2010-3795 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. | 6.8 |
2010-11-16 | CVE-2010-3794 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | 6.8 |
2010-11-16 | CVE-2010-3793 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file. | 6.8 |
2010-11-16 | CVE-2010-3792 | Apple | Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Quicktime Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. | 6.8 |
2010-11-16 | CVE-2010-3791 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. | 6.8 |
2010-11-16 | CVE-2010-3790 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary. | 6.8 |
2010-11-16 | CVE-2010-3789 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file. | 6.8 |
2010-11-16 | CVE-2010-3788 | Apple | Improper Input Validation vulnerability in Apple mac OS X, mac OS X Server and Quicktime QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file. | 6.8 |
2010-11-16 | CVE-2010-3787 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. | 6.8 |
2010-11-16 | CVE-2010-3786 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file. | 6.8 |
2010-11-16 | CVE-2010-3785 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. | 6.8 |
2010-11-16 | CVE-2010-3783 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. | 6.8 |
2010-11-16 | CVE-2010-1846 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image. | 6.8 |
2010-11-16 | CVE-2010-1845 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. | 6.8 |
2010-11-15 | CVE-2010-1837 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document. | 6.8 |
2010-11-15 | CVE-2010-1836 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 6.8 |
2010-11-15 | CVE-2010-1833 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document. | 6.8 |
2010-11-15 | CVE-2010-1832 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document. | 6.8 |
2010-11-15 | CVE-2010-1831 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document. | 6.8 |
2010-11-17 | CVE-2010-4215 | Foswiki | Permissions, Privileges, and Access Controls vulnerability in Foswiki 1.1.0/1.1.1 UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. | 6.5 |
2010-11-15 | CVE-2010-1829 | Apple | Path Traversal vulnerability in Apple mac OS X and mac OS X Server Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share. | 6.0 |
2010-11-17 | CVE-2010-3868 | Redhat | Improper Authentication vulnerability in Redhat Certificate System and Dogtag Certificate System Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. | 5.8 |
2010-11-15 | CVE-2010-1834 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address. | 5.8 |
2010-11-17 | CVE-2010-3978 | Spreecommerce | Information Exposure vulnerability in Spreecommerce Spree 0.11.0/0.11.1/0.30.0 Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue. | 5.0 |
2010-11-16 | CVE-2010-3784 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. | 5.0 |
2010-11-15 | CVE-2010-1830 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors. | 5.0 |
2010-11-15 | CVE-2010-1828 | Apple | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets. | 5.0 |
2010-11-16 | CVE-2010-1847 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors. | 4.9 |
2010-11-17 | CVE-2010-4274 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Director Agent 6.2.0 reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. | 4.4 |
2010-11-15 | CVE-2010-1838 | Apple | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | 4.4 |
2010-11-17 | CVE-2010-4008 | Xmlsoft Apple Debian Canonical Redhat Opensuse Suse Apache | Buffer Errors vulnerability in Google Chrome libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | 4.3 |
2010-11-16 | CVE-2010-3796 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. | 4.3 |
2010-11-15 | CVE-2010-1803 | Apple | Unspecified vulnerability in Apple mac OS X and mac OS X Server Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume. | 4.3 |
2010-11-15 | CVE-2010-0113 | Symantec | Credentials Management vulnerability in Symantec Mobile Security 1.0 The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs. | 4.3 |
2010-11-17 | CVE-2010-3869 | Redhat | Cryptographic Issues vulnerability in Redhat Certificate System and Dogtag Certificate System Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN. | 4.0 |
2010-11-17 | CVE-2010-4011 | Apple | Information Exposure vulnerability in Apple mac OS X Server 10.6.5 Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue." Per: http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html 'Dovecot is only provided with Mac OS X Server systems. | 4.0 |
2010-11-15 | CVE-2010-2638 | IBM | Resource Management Errors vulnerability in IBM Websphere MQ Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. | 4.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2010-11-16 | CVE-2010-3797 | Apple | Cross-Site Scripting vulnerability in Apple mac OS X Server Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |